<html>
<head>
<!--
   Copyright 1999-2004 The Apache Software Foundation
 
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
 
       http://www.apache.org/licenses/LICENSE-2.0
 
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
-->
<link rel="stylesheet" href="style.css">
<style type="text/css">
    td {
        background-color: #E0E0E0;
        vertical-align: text-top;
    }
    th {
        background-color: #d0d0d0;
    }
    table {
        width: 75%;
        background-color: #000000;
    }
    </style>
<title>Working with JDBCRealm</title></head><body>
<h1>Working with JDBCRealm</h1>
<h2>What is JDBCRealm?</h2>
<p>Is an implementation of a tomcat 3.X Realm that use a  set of configurable tables inside a RDMS to store  user's data, this tables are accessed by means of standard JDBC drivers.<br>
The passwords can be stored  as digested ( using standard Java's MessageDigest ) or in plain form.<br>
All the parameters, drivers, tables, and columns are user configurable. </p>
<h2>Example Config for JDBCRealm</h2>
This is an example of how to set up a JDBC Realm. For this example I used the MySQL JDBC driver.  
<h3>1. Create a database. </h3>
<blockquote>
<p>	I made the database named "authority"</p>
</blockquote>
<h3>  2. Create needed tables.       </h3>
<blockquote>
<h4>	1. The user table. </h4>
<blockquote>
<p>This table needs the user's name and a password          field. In the example I use "users" for the table name,          "user_name" for the column that holds the user's name, and          "user_pass" for the user's password.      </p>
</blockquote>
<h4>2. The role table. </h4>
<blockquote>
<p>This table needs the role's set up that will be         in any deployment descriptor that is managed under the container         this Realm is in. In the example I use "roles" as the table name         and "role_name" as the role's name. NB: This table doesn't get         used at all by tomcat.      </p>
</blockquote>
<h4>3. The role to user table. </h4>
<blockquote>
<p>This table joins a set of roles to a         single user. In the example the table name is "user_roles",         the role's name is "role_name" , and the user's name is assumed         to have the same column name as in the user's table ("user_name"         in this example.  </p>
<p>Here is the SQL I used to create the tables: 
</p>
</blockquote>
</blockquote>
<table  align="center">
<tr>
<td>
<pre>create table users
(
  user_name varchar(15) not null primary key,
  user_pass varchar(15) not null
);


create table roles
(
  role_name varchar(15) not null primary key
);

create table user_roles
(
  user_name varchar(15) not null,
  role_name varchar(15) not null,
  primary key( user_name, role_name )
);

</pre>
</td>
</tr>
</table>
<blockquote>
<blockquote>
<p><br>
Here is sample output from the tables:
<br>
<br>
</p>
</blockquote>
</blockquote>
<table align="center" border="0">
<tr>
<td>
<pre>
mysql&gt; select * from users;
+-----------+-----------+
| user_name | user_pass |
+-----------+-----------+
| tomcat    | tomcat    |
| user1     | tomcat    |
| user2     | tomcat    |
| user3     | tomcat    |
+-----------+-----------+
4 rows in set (0.00 sec)

mysql&gt; 
mysql&gt; select * from roles;
+------------+
| role_name  |
+------------+
| tomcat     |
| role1      |
+------------+
2 rows in set (0.02 sec)

mysql&gt; 


mysql&gt; select * from user_roles;
+------------+-----------+
| role_name  | user_name |
+------------+-----------+
| tomcat     | user1     |
| role1      | user2     |
| tomcat     | tomcat    |
| role1      | tomcat    |
+------------+-----------+
4 rows in set (0.00 sec)

mysql&gt; 
</pre>
</td>
</tr>

</table>
<h3>3. Configure Tomcat </h3>
<blockquote>
<p>Add the information to the server.xml file. For this example I used    this entry inside: </p>
</blockquote>
<table width="100%" border="0" align="center">
<tr>
<td>
<blockquote>
<p><code><br>
&lt;JDBCRealm"<br>
 
	debug="99"      
	driverName="org.gjt.mm.mysql.Driver" <br>
     
	connectionURL="jdbc:mysql://localhost/authority?user=test;password=test"      
	userTable="users"<br>
 
	userNameCol="user_name"<br>
 
	userCredCol="user_pass"<br>
      
	userRoleTable="user_roles" 
	roleNameCol="role_name" /&gt;
<br>
</code></p>
</blockquote>
</td>
</tr>
</table>
<p>The meaning of the attributes is as follow:</p>
<table align="center" width="51%">
<tr>
<th height="32">
<p>attribute</p>
</th>
<th>Meaning</th>
</tr>

<tr>
<td height="32">   driverName</td>
<td height="32"> The name of the driver needed to connect to the database
		</td>
</tr>
<tr>
<td height="32">connectionURL</td>
<td height="32"> 	The connection URL used to connect to the database
</td>
</tr>
<tr>
<td height="32">userTable</td>
<td> 		The user's tables
</td>
</tr>
<tr>
<td height="32">userNameCol</td>
<td> 		The column in the user's table that contains the name
</td>
</tr>
<tr>
<td height="32">userCredCol</td>
<td> 		The column in the user's table that contains the password
</td>
</tr>
<tr>
<td height="33">userRoleTable</td>
<td height="33"> 	The user's roles table
</td>
</tr>
<tr>
<td height="32">roleNameCol</td>
<td> 		The column in the user's table that contains a role given
                      	to a user
</td>
</tr>

<tr>
<td height="32">      connectionName</td>
<td> The name to use when connecting to the database.
(Optional)</td>
</tr>
<tr>
<td height="32">connectionPassword</td>
<td>The password to use when connecting to the database.
(Optional)
</td>
</tr>
<tr>
<td height="32">digest       </td>
<td>The algorithm used for digest passwords or &quot;No&quot; for
	      plain passwords, the values can be
	      &quot;MD5&quot;, &quot;MD2&quot;, &quot;SHA&quot;,
	      etc...
<a href=
"http://java.sun.com/products/jdk/1.2/docs/guide/security/CryptoSpec.html#AppA"
>(Optional)</a></td>
</tr>
</table>
<p>&nbsp;</p>
<p>Done!!
</p>
<h2>Using digested passwords</h2>

<p>
  To use digested password you need to store them digested.  To
  achieve this, you will need to use the same digest strategies that
  JDBCrealm uses to store the passwords. Iinside JDBCRealm there is a
  static method with signature <code>final public static String
  digest(String password,String algorithm)</code>. This method is
  provided as a tool to be used outside JDBCRealm by an application
  that wants to generate digested passwords readable by JDBCRealm.
</p>

<p>
  The class JDBCRealm contains a main method, so it can be used as an
  application to generate digests and print them to stdout.  Usage
  is:<br>

  <code>java org.apache.tomcat.modules.aaa.RealmBase -a
  &lt;<i>algorithm</i>&gt; &lt;<i>password</i>&gt;
  [&lt;<i>password</i>&gt; ...]</code><br>

  where &lt;<i>algorithm</i>&gt; is a supported message digest
  algorithm, e.g. MD5, and &lt;<i>password</i>&gt; is a plaintext
  password to be digested.
</p>
<p>
    Note: the jar where RealmBase class can be found is %TOMCAT_HOME%/lib/container/tomcat_modules.jar
</p>
<h2>Hints</h2>
<p>
   
   - Make sure that the JDBC driver is in the lib/container directory.
<br>
- If you have problem connecting you can specify connectionName and connectionPassword</p>
<div align="center">$Header: /home/cvspublic/jakarta-tomcat/src/doc/JDBCRealm-howto.html,v 1.7 2004/02/29 22:42:50 billbarker Exp $
</div>
</body>
</html>
